Insecure dependency in eval

I’m getting an error when trying to create a new ticket.

System error
error: Insecure dependency in eval while running with -T switch
at /usr/lib/perl5/5.8.5/Locale/Maketext/Guts.pm line 247.
context:

243: unshift @code, “use strict; sub {\n”;
244: push @code, “}\n”;
245:
246: print @code if DEBUG;
247: my $sub = eval(join ‘’, @code);
248: die “$@ while evalling” . join(’’, @code) if $@; # Should be
impossible.
249: return $sub;
250: }
251:

code stack: /usr/lib/perl5/5.8.5/Locale/Maketext/Guts.pm:247
/usr/lib/perl5/5.8.5/Locale/Maketext.pm:196
/usr/local/rt/lib/RT/CurrentUser.pm:398
/usr/local/rt/lib/RT/Base.pm:119
/usr/local/rt/lib/RT/Ticket_Overlay.pm:1570
/usr/local/rt/lib/RT/Ticket_Overlay.pm:657
/usr/local/rt/lib/RT/Interface/Web.pm:340
/usr/local/rt/share/html/Ticket/Display.html:101
/usr/local/rt/share/html/Ticket/Create.html:279
/usr/local/rt/share/html/autohandler:221

Glen Gyldersleve
Account Manager
Canright Systems, Inc
(503) 968-9898 x425

What version of RT are you running? RT 3.2 and newer give you new
instructions about how to not run setuid, due to issues like this.

-jesseOn Thu, Dec 30, 2004 at 11:38:33AM -0800, Glen Gyldersleve wrote:

I’m getting an error when trying to create a new ticket.

System error
error: Insecure dependency in eval while running with -T switch
at /usr/lib/perl5/5.8.5/Locale/Maketext/Guts.pm line 247.
context:

243: unshift @code, “use strict; sub {\n”;
244: push @code, “}\n”;
245:
246: print @code if DEBUG;
247: my $sub = eval(join ‘’, @code);
248: die “$@ while evalling” . join(’’, @code) if $@; # Should be
impossible.
249: return $sub;
250: }
251:

code stack: /usr/lib/perl5/5.8.5/Locale/Maketext/Guts.pm:247
/usr/lib/perl5/5.8.5/Locale/Maketext.pm:196
/usr/local/rt/lib/RT/CurrentUser.pm:398
/usr/local/rt/lib/RT/Base.pm:119
/usr/local/rt/lib/RT/Ticket_Overlay.pm:1570
/usr/local/rt/lib/RT/Ticket_Overlay.pm:657
/usr/local/rt/lib/RT/Interface/Web.pm:340
/usr/local/rt/share/html/Ticket/Display.html:101
/usr/local/rt/share/html/Ticket/Create.html:279
/usr/local/rt/share/html/autohandler:221

Glen Gyldersleve
Account Manager
Canright Systems, Inc
(503) 968-9898 x425


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT wiki at http://wiki.bestpractical.com

RT 3.2.2

I have nothing in rt/bin setuid (I did a generic make install).

I re-ran a quick make-install (backed up and copied over the site
config).

ls -l bin
total 124
-rwxr-xr-x 1 root rt 3069 Dec 29 16:48 mason_handler.fcgi
-rw-r–r-- 1 root root 2288 Dec 29 16:48 mason_handler.scgi
-rwxr-xr-x 1 root rt 7712 Dec 29 16:48 mason_handler.svc
-rwxr-xr-x 1 root rt 54275 Dec 29 16:48 rt
-rwxr-xr-x 1 root rt 7459 Dec 29 16:48 rt-crontool
-rwxr-xr-x 1 root rt 21568 Dec 29 16:48 rt-mailgate
-rw-r–r-- 1 root root 6815 Dec 29 16:48 standalone_httpd
-rwxr-xr-x 1 root rt 4209 Dec 29 16:48 webmux.pl

Still getting errors:

error: Insecure dependency in require while running with -T
switch at
/usr/lib/perl5/site_perl/5.8.5/Apache/Session/Serialize/Storable.pm line
21
context:

197: # whether they should generate a full stack trace (confess() and
cluck())
198: # or simply report the caller’s package (croak() and carp()),
respectively.
199: # confess() and croak() die, carp() and cluck() warn.
200:
201: sub croak { die shortmess @_ }
202: sub confess { die longmess @_ }
203: sub carp { warn shortmess @_ }
204: sub cluck { warn longmess @_ }
205:

code stack: /usr/lib/perl5/5.8.5/Carp.pm:201
/usr/lib/perl5/5.8.5/AutoLoader.pm:112
/usr/lib/perl5/site_perl/5.8.5/Apache/Session/Serialize/Storable.pm:21
/usr/lib/perl5/site_perl/5.8.5/Apache/Session.pm:522
/usr/lib/perl5/site_perl/5.8.5/Apache/Session.pm:477
/usr/lib/perl5/site_perl/5.8.5/HTML/Mason/Request.pm:1078

Glen Gyldersleve
Account Manager
Canright Systems, Inc
(503) 968-9898 x425

So the solution (which is probably not optimal) was to comment out

PerlTaintCheck On

In httpd.conf

Glen Gyldersleve
Account Manager
Canright Systems, Inc
(503) 968-9898 x425